May 28, 2016
Safe Harbor Overview
The U.S. Department of Commerce and the European Commission previously agreed on a set of data protection principles and frequently asked questions (the “U.S.-EU Safe Harbor Privacy Principles”) that formerly enabled U.S. companies to satisfy the requirement under European Union law that adequate protection be given to personal information transferred from the European Union to the United States. The European Economic Area (EEA) also previously recognized the U.S.-EU Safe Harbor Privacy Principles as having provided adequate data protection. The U.S.-EU Safe Harbor Privacy Principles are no longer considered a valid data transfer mechanism in the EEA. Nevertheless, Sodexo continues to comply with the U.S.-EU Safe Harbor Privacy Principles. The U.S. Department of Commerce and the Federal Data Protection and Information Commissioner (FDPIC) of Switzerland have agreed on a similar set of data protection principles and frequently asked questions (the “U.S.-Swiss Safe Harbor Privacy Principles”) to enable U.S. companies to satisfy the requirement under Swiss law that adequate protection be given to personal information transferred from Switzerland to the United States. Sodexo has certified that it adheres to the U.S.-EU and U.S.-Swiss Safe Harbor Privacy Principles (collectively the “Safe Harbor Privacy Principles”). To learn more about the Safe Harbor program and/or to view our certification page, please visit http://www.export.gov/safeharbor.
At Sodexo, we follow the Safe Harbor Privacy Principles published by the U.S. Department of Commerce with respect to all personal information maintained in the Maximo Website Application.
“Agent” means any third party that collects or uses personal information under the instructions of, and solely for, Sodexo or to which Sodexo discloses personal information for use on Sodexo's behalf.
“Sodexo” means Sodexo, Inc., and includes its predecessors, successors, subsidiaries, divisions, and groups in the United States.
“Personal information” means any information or set of information that identifies or could be used by or on behalf of Sodexo to identify an individual.
“Maximo Website Application” means Sodexo’s global Maximo application, which is a web based, centrally hosted (in North America) integrated facilities management platform. It is based on a global core model, providing end users with an easy to use, end-to-end solution in multiple countries (including the European Union), and languages. Sodexo operates this application in support of its facilities management services, provided to its customers and maintains and manages the application utilizing supporting processes and tools which enable the transfer of data into the application and validation of that data. This definition includes the tools and processes used in the support and maintenance of the application.
Notice will be provided in clear and conspicuous language when individuals access the www.sodexoUSA.com website, and in any event before Sodexo uses or discloses the information for a purpose other than that for which it was originally collected.
To use the application, you may be required to register by providing contact information such as a user ID, password, name, business title, business address, business telephone number, business e-mail address and/or other contact information. Sodexo may use this information to communicate with you regarding changes in functionality of the web application, billing, help desk or service requests, and/or other activities relating to the operation of the application.
In addition to the Personal Information you actively provide, Sodexo will also collect information about your application session including IP address, and login entry and exit points.
Lastly, Sodexo will collect information concerning interaction with the Maximo Website Application, including transactions and other usage. We may use this transactional data for its intended purpose within Sodexo’s business with, for, or on behalf of you or your employer. We will not share this transactional data with any third-party except to the extent reasonably required in Sodexo’s business with, for, or on behalf of your employer or to respond to a service request or other inquiry you make of us.
In summary, Sodexo will use your Personal Information for the purposes of:
- Processing and managing your work order or service request
- Communicating with you about your work order or service request
- Managing your account
- Responding to your customer service inquiries
- Communicating, to the extent required, with and managing our relationship with Sodexo’s consultants, strategic partners, agents, distributors, suppliers, contractors and other third parties in order to provide services you have requested;
- Improving the Maximo Website Application
- Meeting any applicable legal and/or regulatory requirements
- Any other purpose to which you have consented
Sodexo does not transfer, share, sell Personal Information collected or stored within the Maximo Website Application to any third-party, except to the extent reasonably required in Sodexo’s business with, for, or on behalf of your employer or to respond to a service request or other inquiry you make of us. Therefore, at this time, Sodexo does not provide an opt-out for transferring, sharing, selling your Personal Information for the purposes stated above. In any event, before Sodexo uses or discloses your information for a purpose other than that for which it was originally collected, you will be notified and you will have the opportunity to opt out of such disclosures as required by regulation or statute.
Sodexo will use Personal Information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual to which the information pertains. Sodexo will take reasonable steps to ensure that Personal Information is relevant for its intended use, accurate, complete, and current.
Transfers to Agents
Sodexo may share information with third-parties that provide support services to Sodexo such as contractors we engage to provide services you have requested. These companies may need information about you in order to perform their functions in accordance with the services you request or to assist Sodexo in maintaining the Maximo Website Application. These companies are not permitted to use the information we share with them for any other purpose. Additionally, Sodexo may disclose specific information upon governmental request, in response to a court order, when required by law, to enforce our corporate policies, or to protect the rights, property, and/or safety of others. Sodexo does not provide Personal Information to these agencies or companies for marketing or commercial purposes.
In the event of a sale of some or all of our business, Sodexo may disclose Personal Information to those involved in a transfer of all or part of the assets or business.
Access and Correction
To remove or modify your Personal Information, you may either 1) login to the Maximo Website Application and modify your Personal Information in the profile area of your account or, 2) contact your Maximo support team at your facility.
Sodexo maintains appropriate physical, administrative, and technical security safeguards with respect to its offices and information storage facilities so as to prevent the loss of, misuse, unauthorized access to, disclosure, and/or modification of Personal Information. For transmission purposes, we encrypt Personal Information prior to sending with the use of Secure Socket Layer (SSL) technology so as to ensure your information is safe as it is sent over the Internet to our Maximo website Application through the user interface and/or where it is stored before loading to the Maximo website Application in our SharePoint site.
Information transferred using e-mail will be in clear-text and not encrypted.
Enforcement and Dispute Resolution